refactor code

src/bunker.go

@@ -132,8 +132,8 @@ func (e mainEnv) setupRouter() *httprouter.Router {
 	router.GET("/v1/login/:mode/:address", e.userLogin)
 	router.GET("/v1/enter/:mode/:address/:tmp", e.userLoginEnter)
 
-	router.POST("/v1/xtoken/:token", e.userNewToken)
+	router.POST("/v1/xtoken/:token", e.userNewXtoken)
-	router.GET("/v1/xtoken/:xtoken", e.userCheckToken)
+	router.GET("/v1/xtoken/:xtoken", e.userCheckXtoken)
 
 	router.GET("/v1/consent/:mode/:address", e.consentAllUserRecords)
 	router.GET("/v1/consent/:mode/:address/:brief", e.consentUserRecord)

src/bunker_test.go

@@ -63,7 +63,7 @@ func TestCreateAPIUser(t *testing.T) {
 	request.Header.Set("X-Bunker-Token", rootToken)
 	//var resp http.ResponseWriter
 	rr = httptest.NewRecorder()
-	e.userNewToken(rr, request, ps2)
+	e.userNewXtoken(rr, request, ps2)
 	//fmt.Printf("after create token------------------\n%s\n\n\n", rr.Body)
 	err = json.Unmarshal(rr.Body.Bytes(), &raw)
 	if err != nil {
@@ -91,7 +91,7 @@ func TestCreateAPIUser(t *testing.T) {
 
 	p3 := httprouter.Param{"xtoken", tokenUUID}
 	ps3 := []httprouter.Param{p3}
-	e.userCheckToken(rr, request, ps3)
+	e.userCheckXtoken(rr, request, ps3)
 	fmt.Printf("get by token------------------\n%s\n\n\n", rr.Body)
 	err = json.Unmarshal(rr.Body.Bytes(), &raw)
 	if err != nil {

src/consent_api.go

@@ -104,9 +104,9 @@ func (e mainEnv) consentCancel(w http.ResponseWriter, r *http.Request, ps httpro
 		}
 	}
 	// make sure that user is logged in here, unless he wants to cancel emails
-	if e.enforceAuth(w, r, event) == false {
+	//if e.enforceAuth(w, r, event) == false {
-		return
+	//	return
-	}
+	//}
 	switch mode {
 	case "email":
 		address = normalizeEmail(address)

src/users_api.go

@@ -257,32 +257,28 @@ func (e mainEnv) userLoginEnter(w http.ResponseWriter, r *http.Request, ps httpr
 	}
 
 	userBson, err := e.db.lookupUserRecordByIndex(mode, address, e.conf)
-	if err != nil {
+	if userBson == nil || err != nil {
 		returnError(w, r, "internal error", 405, err, event)
 		return
 	}
 
-	if userBson != nil {
+	userTOKEN := userBson["token"].(string)
-		userTOKEN := userBson["token"].(string)
+	event.Record = userTOKEN
-		event.Record = userTOKEN
+	fmt.Printf("Found user record: %s\n", userTOKEN)
-		fmt.Printf("Found user record: %s\n", userTOKEN)
+	tmpCode := userBson["tempcode"].(string)
-		tmpCode := userBson["tempcode"].(string)
+	if tmp == tmpCode {
-		if tmp == tmpCode {
+		// user ented correct key
-			// user ented correct key
+		// generate temp user access code
-			// generate temp user access code
+		xtoken, err := e.db.generateUserLoginXToken(userTOKEN)
-			xtoken, err := e.db.generateUserLoginXToken(userTOKEN)
+		fmt.Printf("generate user access token: %s\n", xtoken)
-			fmt.Printf("generate user access token: %s\n", xtoken)
+		if err != nil {
-			if err != nil {
+			returnError(w, r, "internal error", 405, err, event)
-				returnError(w, r, "internal error", 405, err, event)
-				return
-			}
-			w.Header().Set("Content-Type", "application/json; charset=utf-8")
-			w.WriteHeader(200)
-			fmt.Fprintf(w, `{"status":"ok","xtoken":"%s","token":"%s"}`, xtoken, userTOKEN)
 			return
 		}
+		w.Header().Set("Content-Type", "application/json; charset=utf-8")
+		w.WriteHeader(200)
+		fmt.Fprintf(w, `{"status":"ok","xtoken":"%s","token":"%s"}`, xtoken, userTOKEN)
+		return
 	}
-	w.Header().Set("Content-Type", "application/json; charset=utf-8")
+	returnError(w, r, "internal error", 405, nil, event)
-	w.WriteHeader(200)
-	fmt.Fprintf(w, `{"status":"ok","token":""}`)
 }

src/utils.go

@@ -222,7 +222,7 @@ func (e mainEnv) enforceAuth(w http.ResponseWriter, r *http.Request, event *audi
 			}
 		}
 		/*
-			if e.db.checkToken(token[0]) == true {
+			if e.db.checkXtoken(token[0]) == true {
 				if event != nil {
 					event.Identity = "admin"
 				}

src/xtokens_api.go

@@ -11,9 +11,9 @@ import (
 	"github.com/tidwall/gjson"
 )
 
-func (e mainEnv) userNewToken(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
+func (e mainEnv) userNewXtoken(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
 	userTOKEN := ps.ByName("token")
-	event := audit("create user temp access by token", userTOKEN, "token", userTOKEN)
+	event := audit("create xtoken for user token", userTOKEN, "token", userTOKEN)
 	defer func() { event.submit(e.db) }()
 
 	if enforceUUID(w, userTOKEN, event) == false {
@@ -71,9 +71,9 @@ func (e mainEnv) userNewToken(w http.ResponseWriter, r *http.Request, ps httprou
 	fmt.Fprintf(w, `{"status":"ok","xtoken":%q}`, xtokenUUID)
 }
 
-func (e mainEnv) userCheckToken(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
+func (e mainEnv) userCheckXtoken(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
 	xtoken := ps.ByName("xtoken")
-	event := audit("get record by user temp access token", xtoken, "xtoken", xtoken)
+	event := audit("get record by xtoken", xtoken, "xtoken", xtoken)
 	defer func() { event.submit(e.db) }()
 
 	if enforceUUID(w, xtoken, event) == false {

src/xtokens_db.go

@@ -116,7 +116,7 @@ func (dbobj dbcon) generateUserLoginXToken(userTOKEN string) (string, error) {
 	return tokenUUID, nil
 }
 
-func (dbobj dbcon) checkToken(tokenUUID string) bool {
+func (dbobj dbcon) checkXtoken(tokenUUID string) bool {
 	//fmt.Printf("Token0 %s\n", tokenUUID)
 	if isValidUUID(tokenUUID) == false {
 		return false
@@ -153,7 +153,7 @@ func (dbobj dbcon) checkUserAuthXToken(xtokenUUID string) (tokenAuthResult, erro
 	// tokenType = temp
 	now := int32(time.Now().Unix())
 	if now > record["endtime"].(int32) {
-		return result, errors.New("token expired")
+		return result, errors.New("xtoken expired")
 	}
 	result.token = record["token"].(string)
 	if value, ok := record["fields"]; ok {